Performance Impact

The performance cost of the LSM framework is critical to its acceptance;
in fact, performance cost was a major part of the debate at the
Linux 2.5 developer's summit that spawned LSM. To rigorously document
the performance costs of LSM, we performed both microbenchmarks and
macrobenchmarks that compared a stock Linux kernel to one modified with
the LSM patch, but with no modules loaded [footnote 8].

For microbenchmarks, we used the LMBench [22] tool.
LMBench was developed specifically to measure the performance of
core kernel system calls and facilities, such as file access, context
switching, and memory movement. LMBench has been particularly effective
at establishing and maintaining excellent performance in these core
facilities in the Linux kernel.

LMBench produces a large volume of results. The worst-case overhead was 6.2% for
stat(), 6.6% for open/close, and 7.2% for file delete. These
results are to be expected, because of the relatively small amount of
work done in each call compared to the work of checking for LSM
mediation. The common case was much better, often 0% overhead, ranging
up to 2% overhead.
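
As an added illustration (not LMBench code and not part of the original paper), the following C program times the three calls named above in the manner of a latency microbenchmark. The scratch path, the iteration count and all function names are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

#define ITERS 20000                              /* assumed iteration count */
static const char *PATH = "/tmp/lsm_bench.tmp";  /* constructed scratch file */
static int do_create(void) {
    int fd = open(PATH, O_CREAT | O_WRONLY, 0600);
    return fd < 0 ? -1 : close(fd);
}
int do_stat(void) { struct stat sb; return stat(PATH, &sb); }
int do_open_close(void) {
    int fd = open(PATH, O_RDONLY);
    return fd < 0 ? -1 : close(fd);
}
/* A delete needs a file to remove, so each round times an unlink plus a re-create. */
int do_delete_create(void) { return unlink(PATH) != 0 ? -1 : do_create(); }

static double now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1e9 + ts.tv_nsec;
}
/* Mean latency in ns of one call to op(), or -1.0 if any call fails. */
double bench(int (*op)(void)) {
    if (do_create() != 0) return -1.0;
    double t0 = now_ns();
    for (int i = 0; i < ITERS; i++)
        if (op() != 0) { unlink(PATH); return -1.0; }
    double per_call = (now_ns() - t0) / ITERS;
    unlink(PATH);
    return per_call;
}

/* Percent overhead of the patched-kernel latency relative to the stock one. */
double overhead_pct(double stock_ns, double patched_ns) {
    return (patched_ns - stock_ns) / stock_ns * 100.0;
}

int main(void) {
    printf("stat          %8.0f ns/call\n", bench(do_stat));
    printf("open/close    %8.0f ns/call\n", bench(do_open_close));
    printf("delete+create %8.0f ns/call\n", bench(do_delete_create));
    return 0;
}
```

Run the same binary on the stock kernel and on the LSM-patched kernel with no modules loaded, then pass each pair of latencies to overhead_pct(). Because each call does so little work, a fixed per-call hook cost shows up as a visible percentage here.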

For macrobenchmarking, we used the common approach of building the Linux
kernel from source. The results here were even better: no measurable
performance impact [footnote 9]. More detailed performance data can be
found in [31].